From 35770990e87d789cd5121803a6de06a124ee412a Mon Sep 17 00:00:00 2001 From: Bob Kukura Date: Mon, 3 Feb 2014 23:18:44 -0500 Subject: [PATCH] Replace binding:capabilities with binding:vif_details In addition to binding:vif_type, the neutron core plugin needs to supply various information to nova's VIF driver, such as VIF security details and PCI details when SR-IOV is being used. This information is read-only, requires admin privileges, and is not intended for normal users. Rather than add separate mechanisms throughout the stack for each such requirement, the binding:capabilities port attibute, which is a dictionary and is not currently not used by nova, is renamed to binding:vif_details to serve as a general-purpose mechanism for supplying binding-specific details to the VIF driver. This patch does not remove or replace the CAP_PORT_FILTER boolean previously used in binding:capabilities. A separate patch should implement the specific key/value pairs carried by binding:vif_details to implement VIF security. Another patch will implement the key/value pairs needed for SR-IOV. The ML2 plugin now allows the bound mechanism driver to supply the binding:vif_details dictionary content, instead of just the CAP_PORT_FILTER boolean previously carried by the binding:capabilities attribute. DocImpact: Need to update portbinding extension API, but no impact on user or administrator documentation. Implements: blueprint vif-details Related-Bug: 1112912 Change-Id: I34be746fcfa73c70f72b4f9add8eff3ac88c723f --- etc/policy.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/etc/policy.json b/etc/policy.json index bd0bc927..f2dfa0f4 100644 --- a/etc/policy.json +++ b/etc/policy.json @@ -52,7 +52,7 @@ "get_port": "rule:admin_or_owner", "get_port:queue_id": "rule:admin_only", "get_port:binding:vif_type": "rule:admin_only", - "get_port:binding:capabilities": "rule:admin_only", + "get_port:binding:vif_details": "rule:admin_only", "get_port:binding:host_id": "rule:admin_only", "get_port:binding:profile": "rule:admin_only", "get_port:binding:vnic_type": "rule:admin_or_owner",